2

I'm a brand newbie...

I am attempting to log on to my website in VS2010, which connects to an existing SQL Server 2008 Express database through asp.net, utilizing C# as the code behind.

Here's my login.aspx.cs code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.IO;
using System.Net.Mail;
using System.Data.SqlClient;
using System.Web.Configuration;

public partial class Login : BasePage
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void btnlogin_Click(object sender, EventArgs e)
    {
        int Results = 0;

        if (txtUsername.Text != string.Empty && txtPassword.Text != string.Empty)
        {

            Results = Validate_Login(txtUsername.Text.Trim(), txtPassword.Text.Trim());

            if (Results == 1)
            {
                lblMessage.Text = "Login is Good, Send user to another page or enable controls.";
            }
            else
            {
                lblMessage.Text = "Username or Password is incorrect.";
                lblMessage.ForeColor = System.Drawing.Color.Red;
            }
        }
        else
        {
            lblMessage.Text = "Please make sure that your username and password is correct.";
        }
    }

    protected int Validate_Login(String Username, String Password)
    {
        SqlConnection con = new SqlConnection(@"Server=MARIOM-PC\SQLEXPRESS;Database=Logon");

        SqlCommand cmdselect = new SqlCommand();

        cmdselect.CommandType = System.Data.CommandType.StoredProcedure;

        cmdselect.CommandText = "[dbo].[prcLoginv]";

        cmdselect.Parameters.Add("@Username", System.Data.SqlDbType.VarChar, 50).Value = Username;
        cmdselect.Parameters.Add("@Password", System.Data.SqlDbType.VarChar, 50).Value = Password;
        cmdselect.Parameters.Add("@OutRes", System.Data.SqlDbType.Int, 4);
        cmdselect.Parameters["@OutRes"].Direction = System.Data.ParameterDirection.Output;

        cmdselect.Connection = con;

        int Results = 0;

        try
        {
            con.Open();

            cmdselect.ExecuteNonQuery();

            Results = (int)cmdselect.Parameters["@OutRes"].Value;
        }
        catch (SqlException ex)
        {
            lblMessage.Text = ex.Message;
        }
        finally
        {
            cmdselect.Dispose();

            if (con != null)
            {
                con.Close();
            }
        }

        return Results;
    }
}

When I click my Log In button, it takes me to my C# code behind which should iterate through the btn_Login_Click, then the Validate_Login method. But then it does not correctly update my login page with the correct information. I always get the "incorrect password" error.

Please help!

Improve this question
3
  • Have you stepped through your code in debug mode? What's the value of Results when returned? What is your PROC doing in the background? Commented Dec 1, 2012 at 8:53
  • @codingbiz Taking your advice, I debugged and stepped through my code line by line. The value of Results is 0 when the correct username and password are entered. My stored procedure should be knifing through the entered information to see if username and password match and if outres is set to 1. Outres = Results = 0 at this point. Commented Dec 1, 2012 at 10:04
  • So it's either a problem with your stored procedure, or something is going wrong with ADO.Net so that it's not getting the correct return value. The code you've posted looks good though. Commented Dec 1, 2012 at 19:05

1 Answer 1

Reset to default
2

I would recommend you use Windows Forms Authentication

to set up forms authentication to sql server database

go to C:>>Windows>>Microsoft.Net>Framework>>your version example mines v4.0>>aspnet_reqsql.exe

its a wizard to setup forms authentication scheme to your specific database.

then in your web.config

<connectionStrings>
    <add name="ConnectionStringName" connectionString="*********" providerName="System.Data.SqlClient"/>
  </connectionStrings>
  <system.web>
    <roleManager enabled="true"/>
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
        <add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
        <add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      </assemblies>
    </compilation>
    <authentication mode="Forms">
      <forms loginUrl="login.aspx"/>
    </authentication>
    <membership defaultProvider="SqlProvider">
      <providers>
        <clear/>
        <add connectionStringName="ConnectionStringName" applicationName="/" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" passwordFormat="Hashed" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" name="SqlProvider" type="System.Web.Security.SqlMembershipProvider"/>
      </providers>
    </membership>
  </system.web>

login.aspx

just drag and drop Login control to your page you can use Web Site Administration Tool to set rights and user and restrict user from certain folders.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

thanks for the advice. I'm currently implementing the change and will let you know how things are turning out.
Wow, thanks man. I'd give you a +1 if I could. The only thing is now I have all this commented out code in my aspx.cs file....

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.